xloader

General

Target

Swift Copy.r15
Size

419KB
Sample

210910-gfrvvahdh8
MD5

71c02369bd25414f5a3920c20827da43
SHA1

d4413905513ebe4747483000c4e1a5bcb9659217
SHA256

b9a356a5663584e2884e23d86b1e77ec79740307591a7f3bda33372c123ec0df
SHA512

7fb74ce8eecb5b4d29e2439e661edcde5d7cc52886de698bb4907fe1ce726aa0c6a6b1960ea0badbeecee4e2bc1f61120845e853dcbc3831492a8e5f312e16d2

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

n58i

C2

http://www.biosonicmicrocurrent.com/n58i/

Decoy

electrifyz.com

silkpetalz.net

cognitivenavigation.com

poophaikus.com

orchidiris.com

arteregalos.com

dailybookmarks.info

gogoanume.pro

hushmailgmx.com

trjisa.com

notontrend.com

2020polltax.com

orderhappy.club

panggabean.net

govsathi.com

hrsbxg.com

xvideotokyo.online

lotteplaze.com

lovecleanliveclean.com

swaphomeloans.net

Targets

- Target
  
  Swift Copy.exe
- Size
  
  459KB
- MD5
  
  3b2a3fb863cf4f30e508e7be83d5adc7
- SHA1
  
  b81ab8811217e31a7ff73e6defd0c51b0ceba101
- SHA256
  
  acf3df7da4bdf99226ab8574e15d1145e46e28605afdf660f1fb19b1d061c386
- SHA512
  
  c24ad26caea342de74148c29f45a1891d19989f8af63ba51da2877ad7bcf65a2f4449f1b8f638d38efd5ce44e14b8dc58930fcb9fe53563eac26ce64f211214d
Score

10^/10

xloader n58i loader rat
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2